This gives room for element 0 in array of column cells.
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000000080 at
pc 0x5596bfaaca26 bp 0x7ffd8352a550 sp 0x7ffd83529d00
READ of size 64 at 0x608000000080 thread T0
#0 0x5596bfaaca25 in __asan_memmove (/home/src/util-linux/.libs/lt-column+0xc2a25)
#1 0x7f8d53660d1b in scols_line_move_cells /home/src/util-linux/libsmartcols/src/line.c:164:2
#2 0x7f8d5366502c in scols_table_move_column /home/src/util-linux/libsmartcols/src/table.c:307:3
#3 0x5596bfb0214b in reorder_table /home/src/util-linux/text-utils/column.c:303:3
#4 0x5596bfaff7ec in modify_table /home/src/util-linux/text-utils/column.c:393:3
#5 0x5596bfafdbb6 in main /home/src/util-linux/text-utils/column.c:770:4
#6 0x7f8d52718f69 in __libc_start_main (/usr/lib/libc.so.6+0x20f69)
#7 0x5596bfa089b9 in _start (/home/src/util-linux/.libs/lt-column+0x1e9b9)
0x608000000080 is located 0 bytes to the right of 96-byte region [0x608000000020,0x608000000080)
Signed-off-by: Sami Kerola <kerolasa@xxxxxx>
---
libsmartcols/src/line.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsmartcols/src/line.c b/libsmartcols/src/line.c
index aa339ce38..a041eeb60 100644
--- a/libsmartcols/src/line.c
+++ b/libsmartcols/src/line.c
@@ -133,7 +133,7 @@ int scols_line_alloc_cells(struct libscols_line *ln, size_t n)
DBG(LINE, ul_debugobj(ln, "alloc %zu cells", n));
- ce = realloc(ln->cells, n * sizeof(struct libscols_cell));
+ ce = realloc(ln->cells, (n + 1) * sizeof(struct libscols_cell));
if (!ce)
return -errno;
--
2.14.1
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
